12197594

Apparatus And Method For Defending Against Control Flow Attack, And Processor

Published: January 14, 2025
Assignee: not available in USPTO data we have
Inventors: Weijie Chen
Technical Abstract

Patent Claims
12 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. An apparatus for defending against control flow attack, comprising: a key acquisition circuit, configured to acquire response data, which is output by a physical unclonable function unit to an input stimulus, and store the response data in a register as key data to be used, the physical unclonable function unit gives a unique response to each stimulus based on hardware characteristics; an encryption circuit, configured to encrypt target execution data in a program control flow based on the key data in the process of a processor executing the program control flow, the target execution data comprising at least one of a target instruction at an indirect jump destination address and a function call return address; a decryption circuit, configured to decrypt the encrypted target execution data when the processor is to execute the target execution data; and an execution circuit, configured to continue to execute the program control flow based on the decrypted target execution data, wherein the encryption circuit is further configured to, when the target execution data comprises the target instruction at the indirect jump destination address, in the process of the processor executing the program control flow, read the key data from the register through the hardware engine when the program control flow comprises an indirect jump instruction; and in the process of loading the indirect jump instruction into the memory, encrypt the target instruction at the indirect jump destination address based on the key data through the hardware engine, and load the encrypted target instruction into the memory.

2. The apparatus for defending against control flow attack according to claim 1, wherein the target execution data is a function call return address; the encryption circuit is further configured to, in the process of the processor executing the program control flow, read the key data from the register through a hardware engine when the program control flow comprises a function call instruction; encrypt the function call return address based on the key data, and push the encrypted function call return address into a program stack; and the decryption circuit is further configured to fetch the encrypted function call return address from the program stack through the hardware engine when the execution of the called function by the function call instruction ends, and decrypt the fetched function call return address based on the key data.

3. The apparatus for defending against control flow attack according to claim 2, wherein the execution circuit is further configured to send the decrypted function call return address to the register through the hardware engine; and control the program control flow to be jumped to the decrypted function call return address through the processor to continue to execute the program control flow.

4. The apparatus for defending against control flow attack according to claim 1, wherein the encryption circuit is further configured to perform the following encryption process on the target instruction through the hardware engine: in the process of loading the indirect jump instruction into the memory, encrypt the target instruction based on the key data and information on encryption and decryption length obtained from the register; and the decryption circuit is further configured to perform the following decryption process on the encrypted target instruction through the hardware engine: decrypt the encrypted target instruction based on the same information on encryption and decryption length and the same key data as the encryption process.

5. The apparatus for defending against control flow attack according to claim 1, wherein the execution circuit is further configured to send the decrypted target instruction to the register through the hardware engine, and execute the decrypted target instruction through the processor.

6. The apparatus for defending against control flow attack according to claim 1, wherein the key acquisition circuit is further configured to acquire the response data, which is output by the physical unclonable function unit to the input stimulus, when a memory security threshold of a target system does not exceed a target threshold, and store the response data in a first designated register of the register as the key data to be used and store information on encryption and decryption length in a second designated register of the register; and when the memory security threshold of the target system exceeds the target threshold, obtain the key data based on an XOR encryption and decryption instruction sequence, and store the key data in a third designated register of the register.

7. A method for defending against control flow attack, comprising: acquiring response data, which is output by a physical unclonable function unit to an input stimulus, and storing the response data in a register as key data to be used, the physical unclonable function unit gives a unique response to each stimulus based on hardware characteristics; encrypting target execution data in a program control flow based on the key data in the process of a processor executing the program control flow, the target execution data comprising at least one of a target instruction at an indirect jump destination address and a function call return address; decrypting the encrypted target execution data when the processor is to execute the target execution data; and continuing to execute the program control flow based on the decrypted target execution data, when the target execution data comprises the target instruction at the indirect jump destination address, the encrypting the target execution data in the program control flow based on the key data comprises: in the process of the processor executing the program control flow, reading the key data from the register through a hardware engine when the program control flow comprises an indirect jump instruction; and in the process of loading the indirect jump instruction into the memory, encrypting the target instruction at the indirect jump destination address based on the key data through the hardware engine, and loading the encrypted target instruction into the memory.

8. The method for defending against control flow attack according to claim 7, wherein the target execution data is a function call return address; the encrypting the target execution data in the program control flow based on the key data in the process of the processor executing the program control flow comprises: in the process of the processor executing the program control flow, reading the key data from the register through a hardware engine when the program control flow comprises a function call instruction; and encrypting the function call return address based on the key data, and pushing the encrypted function call return address into a program stack; the decrypting the encrypted target execution data when the processor is to execute the target execution data comprises: fetching the encrypted function call return address from the program stack through the hardware engine when the execution of the called function by the function call instruction ends, and decrypting the fetched function call return address based on the key data.

9. The method for defending against control flow attack according to claim 8, wherein the continuing to execute the program control flow based on the decrypted target execution data comprises: sending the decrypted function call return address to the register through the hardware engine; and controlling the program control flow to be jumped to the decrypted function call return address through the processor to continue to execute the program control flow.

10. The method for defending against control flow attack according to claim 8, wherein the encrypting the target instruction at the indirect jump destination address based on the key data through the hardware engine comprises: performing the following encryption process on the target instruction through the hardware engine: in the process of loading the indirect jump instruction into the memory, encrypting the target instruction based on the key data and information on encryption and decryption length obtained from the register; and the decrypting the encrypted target execution data comprises: performing the following decryption process on the encrypted target instruction through the hardware engine: decrypting the encrypted target instruction based on the same information on encryption and decryption length and the same key data as the encryption process.

11. The method for defending against control flow attack according to claim 7, wherein the continuing to execute the program control flow based on the decrypted target execution data comprises: sending the decrypted target instruction to the register through the hardware engine, and executing the decrypted target instruction through the processor.

12. The method for defending against control flow attack according to claim 7, wherein the acquiring the response data, which is output by the physical unclonable function unit to the input stimulus, and storing the response data in the register as the key data to be used comprise: acquiring the response data, which is output by the physical unclonable function unit to the input stimulus, when a memory security threshold of a target system does not exceed a target threshold, and storing the response data in a first designated register as the key data to be used and storing information on encryption and decryption length in a second designated register; and when the memory security threshold of the target system exceeds the target threshold, obtaining the key data based on an XOR encryption and decryption instruction sequence, and storing the key data in a third designated register.
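The return-address path of claims 2 and 8, modelled in software as an added example; it is not code from the patent. The PUF is replaced by a constructed mixing function, the cipher is assumed to be XOR (the claims name no cipher for the PUF-keyed path), and `cpu_t`, `cpu_init`, `cpu_call` and `cpu_ret` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the PUF unit: a real PUF derives its response
   from silicon variation; here a per-device constant is mixed with the
   stimulus (splitmix64 finalizer) so two "devices" give different keys. */
static uint64_t puf_response(uint64_t device, uint64_t stimulus) {
    uint64_t x = device ^ stimulus;
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

typedef struct {
    uint64_t key_reg;     /* register holding the key data */
    uint64_t stack[16];   /* program stack: holds ciphertext only */
    unsigned sp;
} cpu_t;

/* Key acquisition: store the PUF response in the key register. */
static void cpu_init(cpu_t *c, uint64_t device, uint64_t stimulus) {
    c->key_reg = puf_response(device, stimulus);
    c->sp = 0;
}

/* Function call: encrypt the return address, push the ciphertext.
   XOR is an assumption of this model, not taken from the claims. */
static void cpu_call(cpu_t *c, uint64_t ret_addr) {
    c->stack[c->sp++] = ret_addr ^ c->key_reg;
}

/* Function return: pop the ciphertext, decrypt it, yield the jump target. */
static uint64_t cpu_ret(cpu_t *c) {
    return c->stack[--c->sp] ^ c->key_reg;
}

int main(void) {
    cpu_t c;
    cpu_init(&c, 0x1111, 0xA5A5);              /* constructed values */
    cpu_call(&c, 0x401000);
    printf("intact   -> %#llx\n", (unsigned long long)cpu_ret(&c));
    cpu_call(&c, 0x401000);
    c.stack[c.sp - 1] = 0x402abc;              /* slot overwritten in plaintext */
    printf("tampered -> %#llx\n", (unsigned long long)cpu_ret(&c));
    return 0;
}
```

A stack slot overwritten with a plaintext address decrypts to a value the writer cannot choose without the key. Plain XOR stands in only for brevity: it would expose the key to anyone able to read a slot whose plaintext is known.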

Patent Metadata

Filing Date: Unknown

Publication Date: January 14, 2025

Inventors: Weijie Chen

Cite as: Patentable. “Apparatus And Method For Defending Against Control Flow Attack, And Processor” (12197594). https://patentable.app/patents/12197594